ODRL Policy Modelling and Compliance Checking

This paper addresses the problem of constructing a policy pipeline that enables compliance checking of business processes against regulatory obligations. Towards this end, we propose an Open Digital Rights Language (ODRL) profile that can be used to capture the semantics of both business policies in the form of sets of required permissions and regulatory requirements in the form of deontic concepts, and present their translation into Answer Set Programming (via the Institutional Action Language (InstAL)) for compliance checking purposes. The result of the compliance checking is either a positive compliance result or an explanation pertaining to the aspects of the policy that are causing the noncompliance. The pipeline is illustrated using two (key) fragments of the General Data Protect Regulation, namely Articles 6 (Lawfulness of processing) and Articles 46 (Transfers subject to appropriate safeguards) and industrially-relevant use cases that involve the specification of sets of permissions that are needed to execute business processes. The core contributions of this paper are the ODRL profile, which is capable of modelling regulatory obligations and business policies, the exercise of modelling elements of GDPR in this semantic formalism, and the operationalisation of the model to demonstrate its capability to support personal data processing compliance checking, and a basis for explaining why the request is deemed compliant or not

An Outcome-Based Approach for Ensuring Regulatory Compliance of Business Processes

In service industries, such as healthcare, catering, tourism, etc., there exist regulations that require organisations’ service comply with the regulations. More and more regulations in the service sector are, or are aimed to be, outcome-focused regulations. An outcome prescribed in the regulation is what users should experience or achieve when the regulated business processes are compliant. Service providers need to proactively ensure that the outcomes specified in the regulations have been achieved prior to conducting the relevant part of the business or prior to inspectors discovering noncompliance. Current approaches check system requirements or business processes, not outcomes, against regulations and thus this still leaves uncertain as to whether what the users actually experience are really achieved. In this thesis, we propose an approach for assessing the compliance of process outcomes and improve the noncompliance. The approach is designed through the U.K’s. CQC regulations in the care home environment

Generic Solution Architecture Design of Regulatory Technology (RegTech)

Regulatory Technology, or RegTech, uses new technology that assists the financial industry, such as FinTech and banks, in meeting regulatory compliance. RegTech automates various regulatory compliance activities that were previously manual, such as regulatory interpretation and regulatory reporting, amidst the challenges of the increasing volume of regulations and operational data. Some cutting-edge technologies discovered at RegTech include big data analytics, artificial intelligence, machine learning, robotic process automation, and cloud computing. Although very dominant in the financial industry, RegTech solutions have the potential to be applied in other regulated industries besides finance. Several studies have explored the potential for applying RegTech in industries other than finance, such as charitable organizations, real estate marketplace, pharmaceuticals, and healthcare. Therefore, this study aims to design a generic RegTech solution architecture so that it can be adopted and applied in various regulated industries achieve regulatory compliance more efficiently. Based on the evaluation results, the proposed architecture can be applied in an industrial environment other than financial to be considered generic. Furthermore, an evaluation of the comparison of regulatory compliance business processes without and by implementing RegTech can produce a time efficiency of 95.16%. These results show that RegTech solutions can achieve regulatory compliance more efficiently

Event Entry Time Prediction in Financial Business Processes Using Machine Learning - A Use Case From Loan Applications

The recent financial crisis has forced politics to overthink regulatory structures and compliance mechanisms for the financial industry. Faced with these new challenges the financial industry in turn has to reevaluate their risk assessment mechanisms. While approaches to assess financial risks, have been widely addressed, the compliance of the underlying business processes is also crucial to ensure an end-to-end traceability of the given business events. This paper presents a novel approach to predict entry times and other key performance indicators of such events in a business process. A loan application process is used as a data example to evaluate the chosen feature modellings and algorithms

The Roots of Informal Responses to Regulatory Change: Non‐compliant Small Firms and the National Living Wage

How do small ‘non‐compliant’ firms (those evading existing regulations) react to further regulatory change? The impact of the National Living Wage in the UK in 2016 is analysed through 22 mostly longitudinal case studies of small non‐compliant firms. The varied responses, endurance of non‐compliance, and blurred and dynamic nature of transitions to compliance are discussed through the lens of institutional approaches to informality. The analysis sheds new light on the relative autonomy of micro processes and the conditions under which external forces affect these processes. Non‐compliant informality, as a persisting feature of small business, is unlikely to be transformed by legal regulation alone

Detecting regulatory compliance for business process models through semantic annotations

A given business process may face a large number of regulatory obligations the process may or comply with. Providing tools and techniques through which an evaluation of the compliance degree of a given process can be undertaken is seen as a key objective in emerging business process platforms. We address this problem through a diagnostic framework that provides the ability to assess the compliance gaps present in a given process. Checking whether a process is compliant with the rules involves enumerating all reachable states and is hence, in general, a hard search problem. The approach taken here allows to provide useful diagnostic information in polynomial time. The approach is based on two underlying techniques. A conceptually faithful representation for regulatory obligations is firstly provided by a formal rule language based on a non-monotonic deontic logic of violations. Secondly, processes are formalized through semantic annotations that allow a logical state space to be created. The intersection of the two allows us to devise an efficient method to detect compliance gaps; the method guarantees to detect all obligations that will necessarily arise during execution, but that will not necessarily be fulfilled

Regulation and Regulatory Processes

Regulation of business activity is nearly as old as law itself. In the last century, though, the use of regulation by modern governments has grown markedly in both volume and significance, to the point where nearly every facet of today’s economy is subject to some form of regulation. When successful, regulation can deliver important benefits to society; however, regulation can also impose undue costs on the economy and, when designed or implemented poorly, fail to meet public needs at all. Given the importance of sound regulation to society, its study by scholars of law and social science is also of paramount importance. In this chapter, we review the state of the field by focusing on four major areas of empirical research: (1) regulatory policy making, (2) regulatory enforcement, (3) business responses to regulation, and (4) innovative models of regulation. We begin by reviewing the political economy literature on the factors that influence government regulators as well as the ways that overseers may use administrative procedures to affect decisions of regulatory agencies. We next highlight the varied empirical findings on adversarial versus cooperative enforcement styles. We then review explanations for business responses to regulatory pressures, including the range of factors influencing compliance and beyond-compliance behavior. Finally, we survey the ever-growing research literature on innovative approaches to regulation, including self-regulation, performance standards, and market-based incentives. This chapter serves both as a stand-alone account of the existing state of empirical regulatory research by political scientists and researchers from other disciplines, as well as an introduction to the authors’ edited volume that reprints a diverse collection of classic studies of regulation and regulatory processes

Regulation and Regulatory Processes

Regulation of business activity is nearly as old as law itself. In the last century, though, the use of regulation by modern governments has grown markedly in both volume and significance, to the point where nearly every facet of today’s economy is subject to some form of regulation. When successful, regulation can deliver important benefits to society; however, regulation can also impose undue costs on the economy and, when designed or implemented poorly, fail to meet public needs at all. Given the importance of sound regulation to society, its study by scholars of law and social science is also of paramount importance. In this chapter, we review the state of the field by focusing on four major areas of empirical research: (1) regulatory policy making, (2) regulatory enforcement, (3) business responses to regulation, and (4) innovative models of regulation. We begin by reviewing the political economy literature on the factors that influence government regulators as well as the ways that overseers may use administrative procedures to affect decisions of regulatory agencies. We next highlight the varied empirical findings on adversarial versus cooperative enforcement styles. We then review explanations for business responses to regulatory pressures, including the range of factors influencing compliance and beyond-compliance behavior. Finally, we survey the ever-growing research literature on innovative approaches to regulation, including self-regulation, performance standards, and market-based incentives. This chapter serves both as a stand-alone account of the existing state of empirical regulatory research by political scientists and researchers from other disciplines, as well as an introduction to the authors’ edited volume that reprints a diverse collection of classic studies of regulation and regulatory processes